Houzz, a home improvement company, has warned customers of a data breach, although the extent of it is not yet clear.
On its website today, the company reports that “a file containing some of our user data was obtained by an unauthorized third party.”
The firm learned of the incident last December, and has notified customers who may be affected.
The episode was first reported by Digital Trends.
Houzz urges users to reset their passwords, adding that they will “need to have access to the email address that is associated with your Houzz profile.”
The exposure could include publicly visible information from a user’s profile, including name, city, state, country and profile description if they have made this information publicly available.
It also may include internal account information such as user ID, prior passwords, IP address, ZIP code (inferred from IP address) and encrypted and salted passwords.
The company says: “We continue to investigate the incident both with our internal team and with a leading forensics firm. We have also notified law enforcement authorities.”
It adds: “The security of user data is our priority.”
The breach does not include Social Security numbers, payment card data or other financial
information, the firm says.